RSA Ranks India among Top 4 Countries to Be Targeted By Phishing Attacks

Phishing in 2011 did keep a strong focus on financial fraud, although the various attacks witnessed were more diverse than ever. Throughout the year, financial institutions consistently comprised at least half of the entities targeted by phishing. Consequently, financial institutions also topped the chart of entities whose web pages were spoofed to serve as the face of a majority of phishing attacks. Payment services were the second most highly targeted industry followed by retail at third.

In 2011, approximately one in every 300 emails circulating the web was deemed to contain elements pointing to phishing. Most phishing content targeted the public sector, which was followed by the SME business sector.

Compared with the total numbers of phishing attacks recorded in 2010, phishing numbers have increased considerably through the past year. The cumulative number of phishing attacks recorded through 2011 was 279,580—a 37% increase from 2010.

In December 2011, phishing volumes decreased 26 percent with 21,119 unique phishing attacks identified by RSA worldwide. The UK continued to be country most targeted by phishing attacks in December, suffering 50 percent of global volume while the U.S. continued to be the top hosting country hosting 52 percent of the world’s phishing attacks in December.

The Security Division of EMC announced the findings of its May 2012 Fraud Report, ranking India amongst top four countries targeted by phishing attacks by brands. 50 percent of all phishing attacks worldwide in April were on brands present in US, UK, Australia and India.

U.S. nationwide brands saw a 24 percent increase in phishing attacks in April, as per the report. It also revealed that in April, only five countries endured more than one percent of phishing attack volume – with over 90 percent of the entire volume targeted at the U.K., Canada and the U.S.

In 2011, phishing attacks also received better coverage around the globe, with brands targeted from 31 different geographies and phishing emails communicated in 16 different languages – reaching an even more diverse crowd of Internet users. April 2011 also saw 86 percent increase in the total number of global phishing attacks as compared to the previous month, with a total of 35,558 unique phishing attacks identified by RSA globally.

Last month, the portion of brands targeted in the U.S. credit union sector decreased three percent as did the portion of brands targeted by phishing in the U.S. regional banks sector (decreasing seven percent). The portion of attacked brands representing U.S. nationwide banks increased ten percent from 76 percent to 86 percent. This represents the highest portion of brands in the U.S. nationwide banking sector targeted by phishing in the last year.

As per RSA’s AFCC May 2012 report, Citadel Trojan’s fourth upgraded version is already available in the market. Citadel Trojan is based on Zeus Code and it has all the functions going way beyond any crimeware kit till date. Citadel is the only commercial malware in the cybercrime arena being aggressively marketed to criminals and is a crimeware kit to be reckoned with in 2012. RSA noticed 20 percent increase in the use of Citadel in the Trojan attacks detected between March – April 2012.

CONCLUSION

Looking at the year in phishing, it is clear that phishing has become easier than ever before with more automated toolkits available. The Anti-Fraud Command Center is a 24x7 war-room that detects, tracks, blocks and shuts down phishing, pharming and Trojan attacks perpetrated by online fraudsters. An effective countermeasure against online fraud, RSA Fraud Action has shut down more than 160,000 illicit web sites across 140 countries to date, protecting more than 320 organizations. Its fraud analysts shut down websites hosting online attacks, deploy countermeasures, and conduct extensive forensic work to help catch fraudsters and prevent future threats – significantly reducing the average lifetime of an online attack.